Strong authentication is cybersecurity’s best defense.

The Verizon Data Breach Digest, Scenarios from the Field summarizes over 500 cybersecurity investigations. The Digest informs organizations about security attacks, the methods used and victims. It shows a limited number of techniques describe most incidents. In fact, twelve scenarios represent over 60% of all investigations.

The report groups the data breach scenarios into the following categories:

The Human Element— human threats or targets.

Conduit Devices— Device misuse or tampering.

Configuration Exploitation— Reconfigured or misconfigured settings.

Malicious Software—Sophisticated special-purpose illicit software.

Identity Management and The Human Element

Generally, humans are considered the weakest link in an information security strategy. Exploiting professionals for access enabled almost 30% of data breaches last year. For The Human Element, phishing (72%) represent a majority of attacks. Scenarios 1 to 6 identify people and trusted roles as the threat.

The report points out the top two methods take advantage of weak authentication. All total, 80% of breaches result from stolen, weak, default or guessable passwords. Weak authentication, passwords, and unsafe password protection also allow foster greater damage. To mitigate human risks, Verizon recommends user education, audits checks, and strong authentication combined with identity and access management.

In thirteen scenarios, multi-factor authentication would limit or prevent the breach altogether. Multi-factor authentication makes using stolen credentials more difficult. It also should be implemented for financial system access and combat credentials.

Top Cybersecurity Incidents, Frequency and Industries

The Verizon Data Breach Scenarios prescribe prevention, mitigation, and response controls. The following lists the Scenarios, their Frequency, and Industry focus.